WebServer Single Sign On (SSO) SAML Request

[Tim]

I have a NetTalk Web Server site that should pass authenticated users to a vendor site via a SSO SAML request. I can successfully send the request and login to the vendor's site using a NetWebClient post (I see the successful login pages being received in the PageReceived method). However, I cannot link-up, post, send, redirect, whatever, the received pages to the user's browser.

Is there a web server method which links/posts to another party's site x-www-form-urlencoded content type AND have the user's browser follow?

I tried a p_web.script p_web.windowopen on the URL after login. It didn't work. I'm pretty sure it doesn't work because cookies aren't being sent.

Does anyone have any ideas? Thanks in advance.

Clarion 11
NetTalk 11.29

[Bruce]

Hi Tim,

without specifics it's hard to be specific, but likely you should do the client part from a JavaScript function on the page, not from the server. That would be the way I'd approach it.

Cheers
Bruce

[Tim]

Hi Bruce,

Thank you for your reply. Just to make sure that I understand, and to provide more info...

I am building some XML, encoding the XML, placing the encoded XML in the below SAMLResponse field, and POSTing the below to the vendor's site:

POST [vendor's URL] HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 ( .NET CLR 3.5.30729; .NET4.0C)
Host: [vendor's site]
Content-Length: 5427
Connection: Keep-Alive

SAMLResponse=[a bunch of characters like this:PHNhbWxwOlJlc3B, not XML]&RelayState=[vendor's URL]

After sending the above, the vendor's site responds with their logged-in page that should display on the user's browser. When I've done SOAP in the past, I simply receive data and handle it accordingly. This time, I am trying to send the below and simultaneously have the user link to the vendor's page. Sorry if this doesn't make sense or does not give you sufficient info; this is the best I know how to explain it.

Are you suggesting that the JavaScript function handle building and encoding the XML?

Thank you again,

Tim

[Bruce]

>> After sending the above, the vendor's site responds with their logged-in page that should display on the user's browser.

Then send the POST _from the browser_ not from the server.
ie Write the POST as a JavaScript function, not as a server-side function.

cheers
Bruce

[Tim]

A JavaScript function (my first) did the trick. Thank you Bruce!